Over-sharing 101: How to Make Your Enterprise Social Software Secure…

And bypass risky social freeware that compromises corporate information

Social networking pervades personal and business communications with Tweets, Facebook updates, Digg posts and similar messaging efforts now essential in today’s knowledge society.

Beyond those social media tools, there is a growing array of social freeware enhancing productivity with tools like browsers and web page builders, making them potentially valuable applications for employees.

However, this social freeware also encourages users to bypass enterprise IT security and share sensitive corporate information. These applications are risky for companies and for their employees, who may wittingly or unwittingly compromise personal and professional information. A better choice is enterprise social software.

By providing employees with enterprise social networking software that meets their needs for productivity and information sharing, the business short-circuits employees' desire to go out and find these applications on their own. Consider it the next evolution of the company intranet. An added benefit is increased collaboration among social software users. Social software provides an easy method for sharing documents, notes, video and audio presentations, and any other pertinent information.

Sadly, the enterprise has no control over the usage, access or security vulnerabilities of social software applications developed outside of the company. Simply attempting to forbid the use of these applications is likely to be resisted or ignored completely as employees want to take advantage of the benefits of these tools, regardless of the implications for corporate security.

Security considerations

The company doesn’t necessarily need to develop the enterprise social networking software itself. It can look to the developer community to create applications that meet its needs by building in the capability to control usage through access and authorization limitations.

Among the security precautions to include in any enterprise social networking software application:

Authentication - By maintaining a central database for authentication, the company can approve, and just as easily revoke, authentication across the enterprise and all integrated systems.

Password usage - Require users to select strong passwords. Given the opportunity, employees will default to simple login credentials. This makes social media applications a popular target for hackers.

Layered authorization - There are legitimate business reasons for customers, vendors, business partners and internal personnel to have access to different elements of an application. For example, using layered authorization enables the company to give customers access to areas of the network related to their purchases, while internal executives can be authorized to access internal company information.

Required security precautions - Ensure that connected devices have updated patches, firewalls and other pertinent safety measures. If these devices aren’t protected by the latest security precautions, they can let in malware that will infect the entire network.

Notification capability - Encourage users to notify IT of any security anomalies they encounter when using the application. They may notice a security issue before management recognizes it or prior to internal systems catching it. This also helps reinforce the idea that security is a concern of everyone in the organization, not just IT.

The last item should be part of a comprehensive, ongoing effort to ensure that employees are aware of the threats, including some of the more common spyware, malware and social engineering techniques hackers employ in attempts to compromise corporate and personal data.

Be selective about sharing information

Question each link – unless it is from a known source, don’t open it.

Even if a link is from a known source, don’t open files that don’t seem right. A high-level business associate is unlikely to send you a link for a "funny photo", just as your bank will not ask you to confirm your identity, account number and password via e-mail.

Be skeptical. You didn’t win a lottery that you never entered. An unknown royalty in a foreign country didn’t decide to leave you a fortune. These types of come-ons have been occurring since long before the Internet and will continue long after the next great communications evolution.

Social networking can provide enormous benefits for collaboration, customer interaction, competitive intelligence and sense of community. But rather than leaving the company open to the vulnerabilities of social freeware, prudent companies are deploying enterprise social software.